CVE-2008-6231

Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/32557	Vendor Advisory
http://www.securityfocus.com/bid/32126
http://www.vupen.com/english/advisories/2008/3019
https://exchange.xforce.ibmcloud.com/vulnerabilities/46390
https://www.exploit-db.com/exploits/7000
http://secunia.com/advisories/32557	Vendor Advisory
http://www.securityfocus.com/bid/32126
http://www.vupen.com/english/advisories/2008/3019
https://exchange.xforce.ibmcloud.com/vulnerabilities/46390
https://www.exploit-db.com/exploits/7000

Configurations

Configuration 1 (hide)

cpe:2.3:a:preprojects:pre_classified_listings:-:*:*:*:*:*:*:*

History

21 Nov 2024, 00:56

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/32557 - Vendor Advisory~~	() http://secunia.com/advisories/32557 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/32126 -~~	() http://www.securityfocus.com/bid/32126 -
References	~~() http://www.vupen.com/english/advisories/2008/3019 -~~	() http://www.vupen.com/english/advisories/2008/3019 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/46390 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/46390 -
References	~~() https://www.exploit-db.com/exploits/7000 -~~	() https://www.exploit-db.com/exploits/7000 -

Information

Published : 2009-02-20 23:30

Updated : 2024-11-21 00:56

NVD link : CVE-2008-6231

Mitre link : CVE-2008-6231

CVE.ORG link : CVE-2008-6231

JSON object : View

Products Affected

preprojects

pre_classified_listings

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-6231", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-20T23:30:00.500", "references": [{"url": "http://secunia.com/advisories/32557", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32126", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3019", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46390", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7000", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32557", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32126", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3019", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46390", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7000", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"."}, {"lang": "es", "value": "Pre Classified Listing PHP permite a atacantes remotos evitar la autenticacion y conseguir acceso con privilegios de administrador mediante la manipulacion de los parametros de las cookies (1) \"adminname\" y (2)\"adminid\" a \"admin\"."}], "lastModified": "2024-11-21T00:56:00.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:preprojects:pre_classified_listings:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCEC5E80-CC13-43A5-B2BB-CB4BB88AF7E9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10